Azure Key Vault KMS
The Wallet API supports Azure Key Vault as a key management solution. You can utilize Azure Key Vault to store your cryptographic keys in a secure and scalable way.
Key Creation
Below you find an example call to create a key in Azure Key Vault and associate it with a wallet managed by the Wallet API.
The only thing that is important to note for the creation, that our system is only compatible with the following Key types offered by the Azure Key Vault:
- RSA , SECP256R1, SECP256K1
Azure
Endpoint:/keys/generate | API Reference
Example Request
curl -X 'POST' \
'https://wallet.walt.id/wallet-api/wallet/f01f8f55-d098-4c53-b47b-c97552829b39/keys/generate' \
-H 'accept: */*' \
-H 'Content-Type: application/json' \
-d '{
"backend": "azure",
"config": {
"auth": {
"vaultUrl": "https://<key-vault-name>.vault.azure.net/",
"clientId": "<application-id>",
"tenantId": "<tenant-id>",
"clientSecret": "<client-secret>"
}
},
"keyType": "secp256r1"
}'
Body
{
"backend": "azure",
"config": {
"auth": {
"vaultUrl": "https://<key-vault-name>.vault.azure.net/",
"clientId": "<application-id>",
"tenantId": "<tenant-id>",
"clientSecret": "<client-secret>"
}
},
"keyType": "secp256r1"
}
Body Parameters
backend: String - The location where the key is stored. In our caseazureas we want to store it in azure's key vault.configvaultUrl: String - The URL of the Azure Key Vault.clientId: String - The client ID of the Azure AD application.tenantId: String - The tenant ID of the Azure AD application.clientSecret: String - The client secret of the Azure AD application.
keyType: String - the algorithm used to generate the key. For AWS only RSA and secp256r1 and secp256k1 is possible.
Example Response
The API will respond with the ID of the key. This ID is the internal reference and can be used in operations such as DID create or key delete.
Kki22j4lUwo1gtDfdvdCgOE0hhKcNHgIZSzSxU0CugE